Finding Text
Identification of the Federal Program - Student Financial Aid Cluster - Assistance Listing Nos. 84.007, 84.033, 84.038, 84.063, and 84.268. Criteria - 16 CFR 314.3, Standards for Safeguarding Customer Information, requires that the University develop, implement, and maintain a comprehensive information security program that insures the security and confidentiality of customer information; protects against any anticipated threats or hazards to the security or integrity of such information; and protects against unauthorized access to or use of such information that could result in substantial hardship or inconvenience to any customer. Condition - Controls were not sufficient to ensure protection of customer information. Effect - The University experienced a cyber security incident where customer information was potentially compromised. Cause - Information technology controls were not adequate to prevent a cyber security incident. Recommendation - The University should continue its efforts to improve controls related to network security to ensure protection of customer information. Views of Responsible Officials - Management agrees with the finding. As required, the University notified the Department of Education?s Office of Federal Student Aid (FSA) of the incident via the online portal notification on April 23, 2022. The FSA provided notice to the University on June 9, 2022 that it had reviewed the information, provided responses, and closed the incident.